I've set up a couple of Domain Controllers and the first DC I set up is taking a while to start up and occassionally displaying a warning in the Windows Event Log that I think may be related to the long startup times during the 'Preparing Network Connections…' phase of loading. Note this is Windows 2003 Server.
- I have included below:
- Event Description
- Netdiag output
- Nltest /dsregdns output
Event Description
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'intranet.example.com.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
– TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
– Specified preferred and alternate DNS servers are not running
– DNS server(s) primary for the records to be registered is not running
– Preferred or alternate DNS servers are configured with wrong root hints
– Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
Output from netdiag
..................................
Computer Name: ExampleServer
DNS Host Name: ExampleServer.intranet.example.com
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : EM64T Family 6 Model 15 Stepping 6, GenuineIntel
List of installed hotfixes :
KB926139-v2
KB926141
KB942288-v4
KB954550-v7
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : ExampleServer
IP Address . . . . . . . . : 192.168.12.250
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.12.1
Dns Servers. . . . . . . . : 127.0.0.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messeng
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C022111A-...}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Serv
ice', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{C022111A-...}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C022111A-...}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
nltest /dsregdns
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
Best Answer
Configuring each DC to use only itself for DNS via
127.0.0.1
is your problem.Configure DC1 to use DC2 as the first try for DNS resolution. Configure DC2 to use DC1 as the first try for DNS resolution. Configure each DC to use itself as a secondary DNS source.
You could also take the action described here about making the Netlogon service depend on the DNS service. http://support.microsoft.com/kb/259277
NOTE: A common cause for these errors is that a domain controller references itself as a primary DNS server in its TCP/IP properties. When the domain controller starts in this configuration, the Netlogon service may start before the DNS service starts. Because the Netlogon service must register records in DNS and the DNS service is not yet available, errors may occur. In this situation, you can safely ignore the errors because the Netlogon service will again try to register the records in approximately five minutes, at which time it will be successful. However, there are two ways to avoid the errors in this scenario:
REGEDT32
, and go to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
In the right pane, double-click the valueDependOnService
and addDNS
to the next available blank line.For additional information, click the article number below to view the article in the Microsoft Knowledge Base 193888: How to Delay Loading of Specific Services